Fix: Not escaped html value

Laurent Destailleur 2012-05-09 17:44:52 +02:00
parent ca67f976b6
commit 9f770d862d


@ -481,7 +481,6 @@ function dolibarr_set_const($db, $name, $value, $type='chaine', $visible=0, $not
//print "sql".$value."-".pg_escape_string($value)."-".$sql;exit;
//print "xx".$db->escape($value);
//print $sql;exit;
dol_syslog("admin.lib::dolibarr_set_const sql=".$sql, LOG_DEBUG);
$resql=$db->query($sql);
}
@ -1036,7 +1035,7 @@ function form_constantes($tableau)
print '<input type="hidden" name="action" value="update">';
print '<input type="hidden" name="rowid" value="'.$obj->rowid.'">';
print '<input type="hidden" name="constname" value="'.$const.'">';
print '<input type="hidden" name="constnote" value="'.nl2br($obj->note).'">';
print '<input type="hidden" name="constnote" value="'.nl2br(dol_escape_htmltag($obj->note)).'">';
print $langs->trans("Desc".$const) != ("Desc".$const) ? $langs->trans("Desc".$const) : ($obj->note?$obj->note:$const);
@ -1190,4 +1189,4 @@ function delDocumentModel($name, $type)
}
}
?>
?>
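Review bot: In the form_constantes() hunk, the line directly after the changed hidden input still prints the fallback `($obj->note?$obj->note:$const)` into the page body unescaped, so the stored value this commit escapes in the attribute can still inject markup one line later. Wrap the fallback as `dol_escape_htmltag($obj->note ? $obj->note : $const)`, and consider the same for `$const` in the `constname` value attribute. Separately, `nl2br()` inside a `value="..."` attribute places literal `<br />` text in the field, which would presumably be posted back and saved into the note if the form round-trips it; `dol_escape_htmltag($obj->note)` alone looks sufficient there. form_constantes() starts and ends outside this hunk, so where `$obj->note` and `$const` come from should be confirmed against the rest of the function.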